Log Analysis and Evaluation: Virus findings by MBAM (Windows 7)
03.03.2014, 14:02 | #1
Virus findings by MBAM

Hello, MBAM showed 5 findings on my machine. I had them removed. Could someone still take a look?

Mbam:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.03.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hubert :: HUBERT-PC [Administrator]

03.03.2014 10:10:28
MBAM-log-2014-03-03 (12-21-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403574
Laufzeit: 2 Stunde(n), 9 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\Typelib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F} (PUP.Optional.GetNow.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967} (PUP.Optional.GetNow.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
K:\$RECYCLE.BIN\S-1-5-21-4285553767-1374707740-3178024607-1000\$RX6K8MW.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.
K:\$RECYCLE.BIN\S-1-5-21-4285553767-1374707740-3178024607-1000\$R8F68LU.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.
K:\$RECYCLE.BIN\S-1-5-21-4285553767-1374707740-3178024607-1000\$RU1DYP6.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.

(Ende)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:09 on 03/03/2014 (Hubert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by Hubert (administrator) on HUBERT-PC on 03-03-2014 13:11:18
Running from K:\Hubert\Eigene Dokumente\PC - dies und das\FRST
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\system32\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mirko Böer) C:\Program Files\SSS\SimpleScreenshot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILPE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [192000 2009-08-19] (Wistron)
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2009-08-05] (Wistron Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495728 2009-10-24] (IDT, Inc.)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [adm_tray.exe] - C:\Program Files\Acronis\DriveMonitor\adm_tray.exe [533808 2010-06-04] (Acronis)
HKLM\...\Run: [SimpleScreenshot] - C:\Program Files\SSS\SimpleScreenshot.exe [2255360 2011-07-12] (Mirko Böer)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILPE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: QTTabBar AutoLoader - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - No File
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - No File
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hubert\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CsFire - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\csfire@cs.kuleuven.be [2012-08-25]
FF Extension: GoogleSharing - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\googlesharing@extension.thoughtcrime.org [2011-07-05]
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-06-06]
FF Extension: WOT - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2010-05-06]
FF Extension: DownloadHelper - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-02]
FF Extension: Inline Translator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\itrans@tenshi.xpi [2011-08-14]
FF Extension: PDF Download - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2011-11-04]
FF Extension: Tab Control - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi [2011-04-07]
FF Extension: NoScript - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-15]
FF Extension: ImTranslator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-10]
FF Extension: Adblock Plus - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: BetterPrivacy - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-04-22]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (Google Drive) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (WOT) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-14]
CHR Extension: (YouTube) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Adblock Plus) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-11]
CHR Extension: (Google-Suche) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (backgroundPage) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-10]
CHR Extension: (avast! Online Security) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-10]
CHR Extension: (Tabs to the front!) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2013-12-10]
CHR Extension: (Window Close Protector) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-21]

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-10-31] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-22] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
S4 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2009-10-24] (IDT, Inc.)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-02] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-07] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] ()
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-06-14] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-03] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-01-22] (Acronis)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Hubert\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 HWiNFO32; \??\F:\Progs\hwinfo32\HWiNFO32.SYS [X]
S3 StarOpen; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 10:09 - 2014-03-03 10:10 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-02 13:20 - 2014-03-02 13:20 - 00000000 ____D () C:\Users\Hubert\AppData\Local\PDF24
2014-03-02 10:45 - 2014-03-02 10:46 - 00000000 ____D () C:\Program Files\PDF24
2014-03-02 10:45 - 2014-03-02 10:45 - 00001827 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-01 09:48 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-19 16:42 - 2014-02-19 16:42 - 00000962 _____ () C:\Users\Hubert\Desktop\EPSON Scan.lnk
2014-02-18 15:25 - 2014-03-03 12:25 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-02-18 15:25 - 2014-03-03 12:25 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-02-18 15:25 - 2014-02-18 15:25 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-02-18 15:22 - 2014-02-18 15:22 - 00000000 ____D () C:\Program Files\EpsonNet
2014-02-18 15:22 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2014-02-18 15:22 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2014-02-18 15:22 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2014-02-18 15:22 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2014-02-18 15:22 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2014-02-18 15:22 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2014-02-18 15:14 - 2014-02-19 14:24 - 00000000 ____D () C:\Program Files\EPSON Software
2014-02-18 15:13 - 2014-02-18 15:13 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-02-18 15:13 - 2012-07-24 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll
2014-02-18 15:13 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
2014-02-18 15:10 - 2013-10-22 04:04 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLMBLPE.DLL
2014-02-18 15:10 - 2011-03-15 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BLPE.DLL
2014-02-18 15:10 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-02-18 14:46 - 2014-02-19 14:26 - 00000000 ____D () C:\ProgramData\Epson
2014-02-15 15:06 - 2014-02-15 15:06 - 00001426 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-02-15 14:44 - 2014-02-15 15:06 - 00000000 ____D () C:\Program Files\LibreOffice 4
2014-02-15 10:24 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 10:24 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 10:24 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 10:24 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 10:24 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 10:24 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 10:24 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 10:24 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 10:24 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 10:24 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 10:24 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-15 10:24 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 10:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 10:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-15 10:20 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 10:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 10:20 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 10:20 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 10:20 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 10:20 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 10:20 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 10:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 13:02 - 2014-02-15 15:03 - 00000000 ____D () C:\Program Files\LibreOffice 4.0
2014-02-05 14:16 - 2014-02-05 14:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-03 17:46 - 2014-02-03 18:19 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-03 17:36 - 2014-02-03 17:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUBERT-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-02-03 17:35 - 2014-02-03 17:35 - 00000000 ____D () C:\RegBackup
2014-02-03 17:13 - 2014-02-03 17:13 - 00003288 ____N () C:\bootsqm.dat
2014-02-03 17:13 - 2014-02-03 17:13 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

2014-03-03 13:11 - 2014-01-29 18:29 - 00000000 ____D () C:\FRST
2014-03-03 13:10 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 13:10 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 13:09 - 2009-11-06 04:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 13:06 - 2010-01-24 18:08 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\EPSON
2014-03-03 13:05 - 2010-02-14 16:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 13:04 - 2013-11-30 12:29 - 00000000 ____D () C:\Windows\de
2014-03-03 13:04 - 2013-08-22 15:39 - 00285528 _____ () C:\Windows\PFRO.log
2014-03-03 13:04 - 2013-07-10 12:42 - 00015526 _____ () C:\Windows\setupact.log
2014-03-03 13:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 13:03 - 2010-01-21 14:40 - 02050694 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 12:36 - 2010-02-14 16:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 12:25 - 2014-02-18 15:25 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-03-03 12:25 - 2014-02-18 15:25 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-03-03 10:10 - 2014-03-03 10:09 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-02 13:20 - 2014-03-02 13:20 - 00000000 ____D () C:\Users\Hubert\AppData\Local\PDF24
2014-03-02 10:46 - 2014-03-02 10:45 - 00000000 ____D () C:\Program Files\PDF24
2014-03-02 10:45 - 2014-03-02 10:45 - 00001827 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-01 09:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-22 10:32 - 2013-12-10 14:48 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-19 16:49 - 2010-01-21 14:46 - 00000000 ____D () C:\Users\Hubert
2014-02-19 16:42 - 2014-02-19 16:42 - 00000962 _____ () C:\Users\Hubert\Desktop\EPSON Scan.lnk
2014-02-19 14:26 - 2014-02-18 14:46 - 00000000 ____D () C:\ProgramData\Epson
2014-02-19 14:24 - 2014-02-18 15:14 - 00000000 ____D () C:\Program Files\EPSON Software
2014-02-19 14:24 - 2009-11-06 07:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 15:25 - 2014-02-18 15:25 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-02-18 15:22 - 2014-02-18 15:22 - 00000000 ____D () C:\Program Files\EpsonNet
2014-02-18 15:13 - 2014-02-18 15:13 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-02-18 15:13 - 2010-01-24 17:26 - 00000000 ____D () C:\Program Files\epson
2014-02-18 15:13 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2014-02-18 15:05 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-18 13:05 - 2013-10-25 18:33 - 00000000 ____D () C:\Program Files\Brother
2014-02-18 13:02 - 2013-10-25 18:34 - 00000000 ____D () C:\Program Files\ControlCenter4
2014-02-15 15:11 - 2010-01-21 16:18 - 00121040 _____ () C:\Users\Hubert\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 15:09 - 2009-07-14 05:33 - 00445376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-15 15:06 - 2014-02-15 15:06 - 00001426 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-02-15 15:06 - 2014-02-15 14:44 - 00000000 ____D () C:\Program Files\LibreOffice 4
2014-02-15 15:03 - 2014-02-08 13:02 - 00000000 ____D () C:\Program Files\LibreOffice 4.0
2014-02-15 12:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-15 10:28 - 2013-07-12 13:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 10:28 - 2009-11-06 09:23 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-08 13:06 - 2011-12-06 10:16 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\LibreOffice
2014-02-08 13:05 - 2013-04-09 11:51 - 00000000 ____D () C:\Program Files\LibreOffice 3.5
2014-02-08 12:57 - 2009-07-14 09:57 - 00000000 ____D () C:\Windows\ShellNew
2014-02-05 18:39 - 2009-11-06 08:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-05 18:32 - 2009-11-06 09:09 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-05 14:16 - 2014-02-05 14:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-05 14:04 - 2013-12-12 10:14 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Thunderbird
2014-02-05 09:58 - 2014-02-15 10:24 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-15 10:24 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-15 10:24 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-15 10:24 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-15 10:24 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-15 10:24 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-15 10:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-15 10:24 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-15 10:24 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-15 10:24 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-15
10:24 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-15 10:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-15 10:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-15 10:24 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-15 10:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-15 10:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-03 18:19 - 2014-02-03 17:46 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-02-03 17:36 - 2014-02-03 17:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUBERT-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat 2014-02-03 17:35 - 2014-02-03 17:35 - 00000000 ____D () C:\RegBackup 2014-02-03 17:13 - 2014-02-03 17:13 - 00003288 ____N () C:\bootsqm.dat 2014-02-03 17:13 - 2014-02-03 17:13 - 00000000 __SHD () C:\found.000 2014-02-03 14:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-02-03 10:08 - 2013-10-29 15:24 - 00000000 ____D () C:\ProgramData\ControlCenter4 2014-02-02 10:24 - 2011-07-26 15:13 - 00002051 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-02-02 10:23 - 2014-01-07 17:31 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-02-02 10:23 - 2011-07-26 15:13 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-02 10:23 - 2011-07-26 15:13 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-02-02 10:23 - 2011-07-26 15:13 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-02 10:23 - 2011-07-26 15:12 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-02 10:23 - 2011-07-26 15:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr Some content of TEMP: ==================== C:\Users\Hubert\AppData\Local\temp\4bdqfg5k.dll C:\Users\Hubert\AppData\Local\temp\4vuvkusm.dll C:\Users\Hubert\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe C:\Users\Hubert\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe C:\Users\Hubert\AppData\Local\temp\Quarantine.exe C:\Users\Hubert\AppData\Local\temp\_is1FB1.exe C:\Users\Hubert\AppData\Local\temp\_is2963.exe C:\Users\Hubert\AppData\Local\temp\_is2AC7.exe C:\Users\Hubert\AppData\Local\temp\_is30FF.exe C:\Users\Hubert\AppData\Local\temp\_is3B99.exe C:\Users\Hubert\AppData\Local\temp\_is4342.exe C:\Users\Hubert\AppData\Local\temp\_is4A81.exe C:\Users\Hubert\AppData\Local\temp\_is4AB6.exe C:\Users\Hubert\AppData\Local\temp\_is5311.exe C:\Users\Hubert\AppData\Local\temp\_is6A37.exe C:\Users\Hubert\AppData\Local\temp\_is88B0.exe C:\Users\Hubert\AppData\Local\temp\_is89CA.exe C:\Users\Hubert\AppData\Local\temp\_is8D53.exe C:\Users\Hubert\AppData\Local\temp\_is9A3.exe C:\Users\Hubert\AppData\Local\temp\_is9AE6.exe C:\Users\Hubert\AppData\Local\temp\_isA923.exe C:\Users\Hubert\AppData\Local\temp\_isAA83.exe C:\Users\Hubert\AppData\Local\temp\_isBEBC.exe C:\Users\Hubert\AppData\Local\temp\_isD03A.exe C:\Users\Hubert\AppData\Local\temp\_isD4FC.exe C:\Users\Hubert\AppData\Local\temp\_isD924.exe 
C:\Users\Hubert\AppData\Local\temp\_isE3C9.exe
C:\Users\Hubert\AppData\Local\temp\_isEA6E.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-21 18:42

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-03 13:37:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Hubert\AppData\Local\Temp\uwrirpow.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9102AACC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9102B5AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x91037692]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x910376DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x91037878]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x91037600]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x910E1426]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x91037648]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x9102BAE0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x9102BCFC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x91037832]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x9102C398]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9102AB32]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x9102FBE4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x9102A71E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x910E1506]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9102AB98]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x9102FFDA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x9102CEDE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x910376BC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x91037700]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9103789C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x91037626]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x9102F4DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x910377B0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x91037670]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x9102F8C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x91037856]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x910E12AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x9102CCF4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x9102CA02]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9102ABFE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9102AC64]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x910E1602]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9102A7B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9102A98A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9102A918]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9102C562]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x9102C6C4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9102AA12]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x910E1378]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x9102C1F2]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x9102ACCA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x9102B606]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E86A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC0212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82EC7460 4 Bytes [CC, AA, 02, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EC74E8 4 Bytes [AA, B5, 02, 91] {STOSB ; MOV CH, 0x2; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82EC753C 8 Bytes [92, 76, 03, 91, DE, 76, 03, ...] {XCHG EDX, EAX; JBE 0x6; XCHG ECX, EAX; FIDIV WORD [ESI+0x3]; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82EC7548 4 Bytes [78, 78, 03, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82EC7564 4 Bytes [00, 76, 03, 91] {ADD [ESI+0x3], DH; XCHG ECX, EAX}
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830824DF 4 Bytes CALL 9102D5C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8309C347 4 Bytes CALL 9102D5DB \??\C:\Windows\system32\drivers\aswSnx.sys
? System32\drivers\vscu.sys The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\EPSON Software\Event Manager\EEventManager.exe[256] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[608] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Windows\system32\EscSvc.exe[616] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[620] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[748] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text ...
.text C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHCreateShellFolderView + EB7 7606176E 5 Bytes JMP 65F91890 C:\Program Files\QTTabBar\QTHookLib32.dll
.text C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHCreateDefaultExtractIcon + 7B28 760A3C11 5 Bytes JMP 65F91920 C:\Program Files\QTTabBar\QTHookLib32.dll
.text C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHFileOperation + F970 7629AC19 5 Bytes JMP 65F91B20 C:\Program Files\QTTabBar\QTHookLib32.dll
.text C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHLoadInProc + 22474 762E7B1C 5 Bytes JMP 65F91A40 C:\Program Files\QTTabBar\QTHookLib32.dll
.text C:\Windows\Explorer.EXE[3396] ole32.dll!RegisterDragDrop 757BE924 5 Bytes JMP 65F91620 C:\Program Files\QTTabBar\QTHookLib32.dll
.text C:\Windows\Explorer.EXE[3396] ole32.dll!CoCreateInstance 757E9D0B 5 Bytes JMP 65F915C0 C:\Program Files\QTTabBar\QTHookLib32.dll
.text C:\Program Files\Acronis\DriveMonitor\adm_tray.exe[3404] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3536] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Program Files\FSP\FspUip.exe[3576] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3720] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3804] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]
.text ...

---- Devices - GMER 2.1 ----

Device Ntfs.sys AttachedDevice tdrpm258.sys
Device volmgr.sys AttachedDevice fltmgr.sys
Device iaStor.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\XP-710 Series(Netzwerk)@ChangeID 156250
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{00D40C5D-2089-11E0-992C-806E6F6E6963} 6449980912
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{54465A87-2089-11E0-9542-B833ABCC903B} 73749504

---- EOF - GMER 2.1 ----
|
03.03.2014, 14:20 | #2 |
/// the machine /// TB-Ausbilder | Hi,
looks good. Any problems with the computer? |
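The "looks good" verdict above rests on attributing every hook in the GMER log to software known to be on the machine: each SSDT entry points into the avast! drivers aswSnx.sys and aswSP.sys, the inline JMPs in Explorer.EXE land in QTTabBar's QTHookLib32.dll, and the one-byte patch at kernel32.dll!GetBinaryTypeW + 70 is identical in every listed process. The following Python script is an added example, not code from the thread, from GMER or from trojaner-board; it parses GMER 2.1 log lines, groups hooks by the module that installed them and flags any module missing from an allowlist. The sample lines are constructed from the shapes in the log above, KNOWN_HOOKERS is an analyst-maintained allowlist assumed for the demonstration, and the unknowndrv.sys line is hypothetical.

```python
"""Triage of a GMER 2.1 rootkit-scan log (added example, not from the thread).

Groups every hook GMER reported by the module that installed it and flags
modules that are not on an analyst-maintained allowlist. The allowlist and the
sample lines are assumptions constructed for the demonstration.
"""
import re
from collections import Counter, defaultdict
from ntpath import basename

# Kernel hooks:  SSDT <hooking driver> <Zw function> [<hook address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-F]+)\]", re.I)
# Inline user-mode hooks:
#   .text <process[pid]> <dll!export>[ + off] <addr> <n> Bytes JMP <dest> <hooking module>
JMP_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<target>[\w.]+!\w+)(?:\s+\+\s+[0-9A-F]+)?"
    r"\s+(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes?\s+JMP\s+[0-9A-F]+\s+(?P<module>\S.*)$", re.I)
# Byte patches with no resolved target module:
#   .text <process[pid]> <dll!export>[ + off] <addr> <n> Byte(s) [<bytes>]
PATCH_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<target>[\w.]+!\w+)(?:\s+\+\s+[0-9A-F]+)?"
    r"\s+(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes?\s+\[(?P<bytes>[^\]]+)\]", re.I)

# Assumed allowlist: hook sources the analyst has already tied to installed software.
KNOWN_HOOKERS = {
    "aswsnx.sys": "avast! sandbox / self-defense driver",
    "aswsp.sys": "avast! self-protection driver",
    "qthooklib32.dll": "QTTabBar Explorer extension",
}

# Constructed sample in the shape of the GMER log posted above (a few lines of each kind).
SAMPLE_GMER_LOG = "\n".join([
    r"---- System - GMER 2.1 ----",
    r"SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x9102F4DE]",
    r"SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x910E1426]",
    r"SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x9102B606]",
    r"SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x9102A71E]",
    r"---- User code sections - GMER 2.1 ----",
    r".text C:\Windows\Explorer.EXE[3396] ole32.dll!CoCreateInstance 757E9D0B 5 Bytes JMP 65F915C0 C:\Program Files\QTTabBar\QTHookLib32.dll",
    r".text C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHFileOperation + F970 7629AC19 5 Bytes JMP 65F91B20 C:\Program Files\QTTabBar\QTHookLib32.dll",
    r".text C:\Windows\system32\csrss.exe[748] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]",
    r".text C:\Windows\servicing\TrustedInstaller.exe[608] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]",
    r".text C:\Program Files\EPSON Software\Event Manager\EEventManager.exe[256] kernel32.dll!GetBinaryTypeW + 70 770969E4 1 Byte [62]",
    r"---- EOF - GMER 2.1 ----",
])

# Hypothetical, constructed line: a driver the allowlist does not know about.
HYPOTHETICAL_UNKNOWN = r"SSDT \??\C:\Windows\system32\drivers\unknowndrv.sys ZwOpenProcess [0x8F000000]"


def parse_gmer(text):
    """Return {'ssdt': [...], 'jmp': [...], 'patch': [...]} parsed from GMER log text."""
    out = {"ssdt": [], "jmp": [], "patch": []}
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            out["ssdt"].append((basename(m["module"]).lower(), m["func"], m["addr"]))
        elif m := JMP_RE.match(line):
            out["jmp"].append((m["proc"], m["target"], basename(m["module"]).lower()))
        elif m := PATCH_RE.match(line):
            out["patch"].append((m["proc"], m["target"], m["addr"], m["bytes"].strip()))
    return out


def triage(parsed, known=KNOWN_HOOKERS):
    """Count hooks per installing module and list modules absent from the allowlist."""
    ssdt_by_module = Counter(mod for mod, _, _ in parsed["ssdt"])
    jmp_by_module = Counter(mod for _, _, mod in parsed["jmp"])
    unknown = sorted((set(ssdt_by_module) | set(jmp_by_module)) - set(known))

    # Same bytes at the same address in many processes (csrss.exe included) point
    # to one system-wide modifier, not a per-process injection: attribute it first.
    patch_groups = defaultdict(set)
    for proc, target, addr, byts in parsed["patch"]:
        patch_groups[(target, addr, byts)].add(proc)
    global_patches = {k: len(v) for k, v in patch_groups.items() if len(v) > 1}

    return {
        "ssdt_by_module": dict(ssdt_by_module),
        "jmp_by_module": dict(jmp_by_module),
        "unknown_modules": unknown,
        "global_patches": global_patches,
    }


if __name__ == "__main__":
    for label, log in (("as posted", SAMPLE_GMER_LOG),
                       ("with hypothetical driver", SAMPLE_GMER_LOG + "\n" + HYPOTHETICAL_UNKNOWN)):
        print(label, triage(parse_gmer(log)))
```

On a real case, feed the whole GMER text file to parse_gmer(); anything in unknown_modules is what to research next, while a byte patch that shows the same bytes at the same address in every process should be attributed to a single system-wide component before it is treated as injection.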
03.03.2014, 16:32 | #3 |
| Thanks for the quick reply,
no abnormalities so far. |
04.03.2014, 12:15 | #4 |
/// the machine /// TB-Ausbilder | Then the computer is clean; it was only those few MBAM findings.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No support via PM! |
04.03.2014, 14:24 | #5 |
| Good conclusion, thanks. |
05.03.2014, 12:23 | #6 |
/// the machine /// TB-Ausbilder | You're welcome. |